:original_name: mrs_01_1569.html

.. _mrs_01_1569:

SSL
===

Scenarios
---------

When the secure Flink cluster is required, SSL-related configuration items must be set.

Configuration Description
-------------------------

Configuration items include the SSL switch, certificate, password, and encryption algorithm.

.. table:: **Table 1** Parameters

   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+
   | Parameter                        | Description                                                                   | Default Value                                                                                                                                         | Mandatory       |
   +==================================+===============================================================================+=======================================================================================================================================================+=================+
   | security.ssl.enabled             | Main switch of internal communication SSL.                                    | The value is automatically configured according to the cluster installation mode.                                                                     | Yes             |
   |                                  |                                                                               |                                                                                                                                                       |                 |
   |                                  |                                                                               | -  Security mode: The default value is **true**.                                                                                                      |                 |
   |                                  |                                                                               | -  Non-security mode: The default value is **false**.                                                                                                 |                 |
   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+
   | security.ssl.keystore            | Java keystore file.                                                           | ``-``                                                                                                                                                 | Yes             |
   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+
   | security.ssl.keystore-password   | Password used to decrypt the keystore file.                                   | ``-``                                                                                                                                                 | Yes             |
   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+
   | security.ssl.key-password        | Password used to decrypt the server key in the keystore file.                 | ``-``                                                                                                                                                 | Yes             |
   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+
   | security.ssl.truststore          | **truststore** file containing the public CA certificates.                    | ``-``                                                                                                                                                 | Yes             |
   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+
   | security.ssl.truststore-password | Password used to decrypt the truststore file.                                 | ``-``                                                                                                                                                 | Yes             |
   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+
   | security.ssl.protocol            | SSL transmission protocol version.                                            | TLSv1.2                                                                                                                                               | Yes             |
   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+
   | security.ssl.algorithms          | Supported SSL standard algorithm. For details, see the Java official website. | The default value:                                                                                                                                    | Yes             |
   |                                  |                                                                               |                                                                                                                                                       |                 |
   |                                  |                                                                               | "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |                 |
   +----------------------------------+-------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+